scanning-infrastructure-with-nessus

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill includes curl examples and instructions that embed credentials and tokens directly (e.g., POSTing {"username":"admin","password":"password"} and using X-Cookie: token=), which requires the agent to handle and output secret values verbatim.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs running privileged, state-changing commands (e.g., "sudo systemctl start nessusd", "sudo systemctl enable nessusd" and system-level nessuscli updates), which direct the agent to modify the host system using sudo-level operations.